18% of employees admitted to sharing their password.

In 2008, the average cost per incident of a data breach was $6.7 million, and lost business averaged $4.6 million.

64% of losses were due to the actions of insiders at the company.

A shocking 11% of employees reported that they or their fellow employees accessed unauthorized information and sold it for profit.

Business travelers lose more than 12,000 laptops per week in US airports.

31% of customers terminate their relationship with organizations following a breach.

Businesses lost over $1 trillion to cybercrime in 2008.

77% of companies think their networks are not secure.

The per capita cost of a data breach already exceeds $1000.

Read More

39% most concerned about threat from employees, not hackers.

Read More

  • Home
  • Products
  • Industry
  • Technology
  • Demonstrations
  • Resources
  • About
Press Our People © ® Acknowledged
Sovay Server Sovay SDK Sovay SaaS
Enterprise Public Sector
Demonstrations Articles CTO Corner Industry Musings Ask Sovay
SovayID Service Login Tutorial Registration Tutorial
Sovay Overview User Satisfaction Commodity Hardware How Sovay Works Scalability Standards Open Architecture Extensible
Login to Sovay Registering

How Sovay Works

Sovay is the first product to deliver on the promise of authentication: identify the user.  People identify people by sight, sound and communication of current information.  Sovay mimics this very human process by obtaining a multimedia video of the user speaking a unique phrase.  It is through this process that the user is irrefutably identified.

Sovay depends on a number of underlying technologies including speech recognition, speaker identification, face recognition, lip reading and out-of-band message delivery.  Each of these technologies can be singularly or redundantly applied during user identification.

Speech recognition is speaker independent and content dependent technology that transforms sounds into words.  It doesn’t matter who says it, the results are the same.  Sovay uses the most common of these technologies: speech to text.  An intermediate result is used in the native implementation of Sovay: the phonemes.

A message is sent to the user containing a Secret Phrase and a Sovay Phrase.  Only the user knows how to respond to the Secret Phrase.  The user must also recite the Sovay Phrase in the response.  The Sovay Phrase is a few words chosen by the system at random and that the user has not spoken previously.  Speech recognition is applied to both the response to the Secret Phrase and the Sovay Phrase.

The result of the speech recognition is compared against the phrases sent in the message for the current login.  The results are reported to Sovay.

For instance, a Secret Phrase might be “favorite outfit” and the associated response might be “my red dress”.  During Sovay authentication a message is sent to the user: “favorite outfit”, followed by “Black Diamonds”.  The user must respond by facing the webcam and saying “my red dress, Black Diamonds”.  The speech recognition engine enables Sovay to determine if the speaker spoke the correct sounds.

Speaker identification is speaker dependent and content independent technology that identifies a speaker.  It doesn’t matter what they say, the speaker always sounds the same.  Sovay uses the most common of these technologies offered by a number of biometric vendors.  Both the response to the Secret Phrase and the Sovay Phrase are analyzed using speaker identification, by comparing the data collected when the user registers an account.  The results are reported to Sovay.

The combination of speaker identification and speech recognition applied to the same speech sample and yielding a match of what was said and who said it, would be considered by many systems to be strong authentication.  It doesn’t add up to irrefutable identification.  When you think about it, when have you ever heard or seen an All-Points-Bulletin for “a guy sounds like”"¦well you get it.  People can fake their voices.

Face recognition is subject dependent technology that identifies the user.  Your image uniquely defines you.  The authentication process uses face recognition technology to insure the subject is in front of the camera.  The results are sent to Sovay.

For someone that is trying to avoid being identified, it would be easy to simply disguise one’s voice and use a picture of someone else to create a persona that doesn’t really exist.   While difficult to do in the work place, at home a person could add entries to the account registration data, then authenticate as the alter ego and commit crimes.

Lip reading is speaker independent and content dependent.  Lip reading insures that the facial image viewed by the camera is speaking the right phrase.  Lip reading works because creating particular sounds requires our airway to be blocked or partially blocked from time to time during speech.  Try saying “bat” or “slap” without putting your lips together to block the airway.  The results of the analysis are sent to Sovay.

Sovay makes a complete record of each and every login.  The video is stored and can be archived if there is any question of the login.  If you choose to use SMS or voice line notification of the Secret Phrase and the Sovay Phrase there will also be an independent record of the login.

Using the full multi-channel multifactor Sovay employs:

  1. Something the user knows; a response to the Secret Phrase.
  2. Something the user does; speaker identification
  3. Something the user also does; lip reading.
  4. Something the user is; facial recognition.
  5. Something the user has; the registered cell phone.
  6. And, proof that the user is live; the Sovay Phrase, lip reading and voice recognition.

And the recording takes less than 3 seconds.

Looked at another way, to break into Sovay, the hacker needs to know the username, get access to the target user’s cell phone, know the response to the Secret Phrase, and have an audio/video of the user saying the random Sovay Phrase (something the user has not said before).

And still another way to look at it, to allow someone else to use your Sovay secured account, you have to tell someone your username, give them your cell phone or be available to pass along the response to the Secret Phrase and the Sovay Phrase, then give away an audio/video of you speaking the Secret Phrase and Sovay Phrase (something you have not said before).  In other words, you have to be there; without you it fails.

It’s not authentication, it’s user identification.

More Ask Sovay

  • Are our "trustworthy" employees actually a significant risk?
  • Do Biometrics have high False Rejection Rates (FRR)?
  • Does stronger authentication cost more?
  • Do large, world-class organizations need stronger authentication?
  • How do we implement a system that many types of users can use, without changing the way they work?
  • Is Multifactor Authentication the ultimate in enterprise security?
  • Are fingerprint readers the current state-of-the-art in biometric identification?
  • Our users will not tolerate any inconvenience. How do we improve authentication security and keep our workers happy?
  • Will tokens help achieve strong authentication?
  • Are passwords the typical best practice?

Words used by visitors that found this page online: anti-, 2 factor, access, accounts, algorithms, analysis, antimalware, application, authentication, authority, authorization, automatic, automatically, band, behavior, biometric, biometrics, body, calculate measurements, calculations, caller, card, catch, categories, characteristic, client, clock, cloud, code, codes, coding, command, company, computer, configure, confirm, content, control, corrupt, crash, creator, credentials, credit card, cross, cryptic, custom, customizable, cybercrime, data, defraud, deny, designed, detector, development, device, digital, disrupt, download, dynamics, e-mail, electronic communication, email, eye, face, filter, finger, fingerprint, fingerprinting, fingerprints, firewall, fix aquire, foolproof, forced protection, forgery, fraud, generated, hack, hardware, has, hidden, human, id, identification, identity, idworks, implement, information, infrastructure, integration, intellectualproperty, intelligence, internal, iris, is, knows, legitimate, link, lock, login, machine, malware, maleware, malicious, managemalware, management, manipulation, methods, mirrors, more, motion, movement, multi-factor, multifactor, multiple, needbest, network, online, operating, operations, operator, options, organization, palm, password, pattern, paymentprocessor, personal, personaldetails, phone, phrase, physical, PIN, points, prevent, preventingfraud, print, privacy, problem, product, products, profiling, program, programming, protection, public, reader, recognition, reliable, remote, removal, retina, risk, safe, safenetwork, safety, scam, scan, scanner, scanning, screening, scripts, secure, security, services, sites, skin, solution, spam, specialized, spoken, spoof, spoofproof, spoofing, standards, strong, synchronous, system, systembiometrics, technical, techniques, technology, theft, threats, token, tools, track, true, trustworthy, two-factor, unauthorized, unique, user, userfriendly, username, verification, verified, verify, virus, vocaltract, voice, voiceprint, web, website, wireless, words, work

Veritrix is a User Authentication software company. Our unique line of Sovay products offer the latest versions of Identification Protection Software with the following methods: Real Time Authentication Solutions, Multifactor Authentication Solutions and Biometric Authentication Technology.


    ©Veritrix - 2010, all rights reserved. Privacy Policy | Sitemap | For more information contact sales@veritrix.com
twitter linkedin